(maint) Add step to mend scan GHA to report any vulns found

.github/workflows/mend.yml

@@ -4,6 +4,8 @@ on:
   push:
     branches:
       - main
+      - puppet8
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -37,3 +39,12 @@ jobs:
         WS_USERKEY: ${{ secrets.MEND_TOKEN }}
         WS_PRODUCTNAME: CD4PE
         WS_PROJECTNAME:  ${{ github.event.repository.name }}
+    - name: "report vulnerabilities"
+        id: vulnerabilities
+        uses: puppetlabs/get-mend-vulnerabilities@v2
+        with:
+          product_token: ${{ secrets.MEND_PRODUCT_TOKEN }}
+          product_display_name: "CD4PE"
+          user_token: ${{ secrets.MEND_TOKEN }}
+          fail_on_alert: "true"
+          projects: "puppet-dev-tools"